Continous Release #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| run-name: "Continous Release" | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 1 * * 3' # this means every Wednesday @1am UTC | |
| permissions: | |
| contents: read | |
| jobs: | |
| rc: | |
| name: Check if we need a new release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| issues: read | |
| outputs: | |
| rc: ${{ steps.rc.outputs.new_release_published }} | |
| ver: ${{ steps.rc.outputs.new_release_version }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Check if new version will be produced | |
| id: rc | |
| uses: cycjimmy/semantic-release-action@v3 | |
| with: | |
| dry_run: true | |
| semantic_version: 19.0 | |
| extra_plugins: | | |
| conventional-changelog-conventionalcommits@^5.0.0 | |
| @semantic-release/git@^10.0.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| pyversion: | |
| name: Discover minimum Python version | |
| needs: rc | |
| if: needs.rc.outputs.rc == 'true' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| pyversion: ${{ steps.pyversion.outputs.pyversion }} | |
| steps: | |
| - name: checkout code | |
| uses: actions/checkout@v3 | |
| - name: discover Python version | |
| id: pyversion | |
| uses: ./.github/actions/discover_python_version | |
| code_format: | |
| name: Validate code formatting | |
| needs: pyversion | |
| uses: ./.github/workflows/sub_format.yml | |
| with: | |
| python_version: ${{ needs.pyversion.outputs.pyversion }} | |
| unit_tests: | |
| name: Validate all Unit Tests pass | |
| needs: pyversion | |
| uses: ./.github/workflows/sub_unittest.yml | |
| with: | |
| python_version: ${{ needs.pyversion.outputs.pyversion }} | |
| documentation_check: | |
| name: Validate that the API documentation is up to date | |
| needs: pyversion | |
| uses: ./.github/workflows/sub_docs.yml | |
| with: | |
| python_version: ${{ needs.pyversion.outputs.pyversion }} | |
| release: | |
| name: Create a new release | |
| runs-on: ubuntu-latest | |
| if: needs.rc.outputs.rc == 'true' | |
| needs: | |
| - rc | |
| - code_format | |
| - unit_tests | |
| - documentation_check | |
| - pyversion | |
| concurrency: release | |
| permissions: | |
| contents: write | |
| issues: read | |
| outputs: | |
| released: ${{ steps.release.outputs.new_release_published }} | |
| tag: ${{ steps.release.outputs.new_release_git_tag }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Install Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ needs.pyversion.outputs.pyversion }} | |
| - name: Install Poetry | |
| uses: Gr1N/setup-poetry@v8 | |
| - name: Create Poetry venv | |
| run: | | |
| poetry env use ${{ needs.pyversion.outputs.pyversion }} | |
| - name: Bump package version | |
| env: | |
| VERSION: ${{ needs.rc.outputs.ver }} | |
| run: | | |
| poetry version "${VERSION}" | |
| - name: Create release and publish to GitHub | |
| id: release | |
| uses: cycjimmy/semantic-release-action@v3 | |
| with: | |
| semantic_version: 19.0 | |
| extra_plugins: | | |
| conventional-changelog-conventionalcommits@^5.0.0 | |
| @semantic-release/git@^10.0.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish to PyPI | |
| env: | |
| POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }} | |
| run: | | |
| poetry publish --build --skip-existing | |
| docker_image_build: | |
| name: Build and Publish Docker image | |
| needs: | |
| - rc | |
| - release | |
| - pyversion | |
| permissions: | |
| contents: read | |
| packages: write | |
| uses: ./.github/workflows/docker.yml | |
| with: | |
| publish: true | |
| python_version: ${{ needs.pyversion.outputs.pyversion }} | |
| tag_name: v${{ needs.rc.outputs.ver }} | |
| cleanup_pandev: | |
| name: Cleanup documentation release PRs @PAN.DEV | |
| runs-on: ubuntu-latest | |
| if: needs.release.outputs.released == 'true' | |
| needs: | |
| - docker_image_build | |
| - release | |
| steps: | |
| - name: cleanup old PRs | |
| uses: actions/github-script@v6 | |
| with: | |
| result-encoding: string | |
| github-token: ${{ secrets.CLSC_PAT }} | |
| script: | | |
| let prs = await github.rest.pulls.list({ | |
| owner: "PaloAltoNetworks", | |
| repo: "pan.dev", | |
| state: "open", | |
| }) | |
| let prs_list = prs.data | |
| console.log("Total PRs found: " + prs_list.length) | |
| let found = false | |
| let pr_no | |
| if (prs_list.length > 0){ | |
| console.log("Removing obsolete PRs:") | |
| for (let pr of prs_list){ | |
| if ( | |
| pr.head.label.includes("PaloAltoNetworks:v") | |
| && pr.head.repo.full_name == "PaloAltoNetworks/panos-upgrade-assurance-pan.dev" | |
| ){ | |
| console.log(" - removing PR (#" + pr.number + ") " + pr.title + " -> " + pr.url) | |
| await github.rest.pulls.update({ | |
| owner: "PaloAltoNetworks", | |
| repo: "pan.dev", | |
| pull_number: pr.number, | |
| state: "closed", | |
| }) | |
| } | |
| } | |
| } | |
| store_documentation: | |
| name: Fetch the updated documentation | |
| if: needs.release.outputs.released == 'true' | |
| needs: | |
| - docker_image_build | |
| - release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout code | |
| uses: actions/checkout@v3 | |
| - name: pack the documentation | |
| working-directory: docs | |
| run: tar --exclude .DS_Store --exclude sidebars.js -cvf documentation.tar * | |
| - name: upload the documentation artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: documentation | |
| path: docs/documentation.tar | |
| update_pandev: | |
| name: Create a PR for pan.dev | |
| if: needs.release.outputs.released == 'true' | |
| needs: | |
| - cleanup_pandev | |
| - release | |
| - store_documentation | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: checkout pan.dev | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: PaloAltoNetworks/pan.dev | |
| token: ${{ secrets.CLSC_PAT }} | |
| - name: download documentation artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: documentation | |
| path: products/panos/docs | |
| - name: unpack the documentation | |
| working-directory: products/panos/docs | |
| run: | | |
| rm -rf 'panos-upgrade-assurance' | |
| tar xvf documentation.tar | |
| rm -f documentation.tar | |
| - name: create a PR to upstream pan.dev | |
| id: pr | |
| uses: peter-evans/create-pull-request@v5 | |
| with: | |
| push-to-fork: PaloAltoNetworks/panos-upgrade-assurance-pan.dev | |
| token: ${{ secrets.CLSC_PAT }} | |
| delete-branch: true | |
| branch: "${{ needs.release.outputs.tag }}" | |
| title: "[PAN-OS Upgrade Assurance] documentation update for release: ${{ needs.release.outputs.tag }}" | |
| commit-message: "docs: PanOS Upgrade Assurance documentation update" | |
| body: | | |
| # Description | |
| A PR made for changes introduced into documentation on ${{ needs.release.outputs.tag }} release. | |
| # Types of changes | |
| New feature (non-breaking change which adds functionality) |